donacker
asked on
ACE probe question
I have a couple of servers that were hardened by our web guru. They are locked down pretty tight and refuse to give up information easily. I'm new to the Cisco ACE and I'm trying to figure out if my statements are correct and the servers are locked down funny, or if I have the statements wrong/missing something in the probe itself.
Please note that I can get the servers I want just fine if I don't put the probe in. The file /index.shtml fine. I'm using head here because I don't care if the page is completely formed, just that it exists and there are some largish files on the page and I don't care to download the whole thing.
So I have the probe set in the serverfarm only (the rservers are currently set to "inservice" with no probe)
so the serverfarm has "probe ProdServerProbe"
the definition for the "ProdServerProbe" is as follows
probe http ProdServerProbe
interval 30
passdetect interval 60
request method head url /index.shtml
open 1
One thing I didn't get from the documentation (maybe I didn't read it well) is whether passdetect interval needs to be greater than interval
The server does have a /index.shtml
The server does respond to http on port 80
I can "bypass" the ACE by typing in the URL and I can see the page just fine
If I turn off probing the site seems to work just fine.
Please let me know if my config is screwy or if this is just a case of the server being locked down more than the ACE can bypass.
ASKER
I have included this. I was aware that it was not "connecting" what I'm trying to ascertain is as follows:
--------------------------
Is the probe I posted above configured in such a way it will always fail, or does that probe look like it should work? If it should work then I am likely to assume that the problem is the way that these servers were tweaked.
--------------------------
The following output is shown
show probe ProdServerProbe detail
probe : ProdServerProbe
type : HTTP
state : ACTIVE
description :
--------------------------
port : 80 address : 0.0.0.0 addr type : -
interval : 30 pass intvl : 60 pass count : 3
fail count: 3 recv timeout: 10
http method : HEAD
http url : /index.shtml
conn termination : GRACEFUL
expect offset : 0 , open timeout : 1
expect regex : -
send data : -
------------------ probe results ------------------
associations ip-address port porttype probes failed passed health
------------ ---------------+-----+----
serverfarm : ProdServers
real : ProdWeb1-Pri[80]
real : ProdWeb1-Sec[80]
real : ProdWeb2-Pri[80]
real : ProdWeb2-Sec[80]
10.10.10.202 80 REAL 4977 4977 0 FAILED
Socket state : CLOSED
No. Passed states : 0 No. Failed states : 1
No. Probes skipped : 0 Last status code : 403
No. Out of Sockets : 0 No. Internal error: 0
Last disconnect err : Received invalid status code
Last probe time : Mon Apr 5 05:29:43 2010
Last fail time : Fri Apr 2 09:22:16 2010
Last active time : Never
real : ProdWeb3-Pri[80]
real : ProdWeb3-Sec[80]
show serverfarm ProdServers
serverfarm : ProdServers, type: HOST
total rservers : 6
--------------------------
----------connections-----
real weight state current total failures
---+---------------------+
rserver: ProdWeb1-Pri
10.10.10.101:80 8 OUTOFSERVICE 0 0 0
rserver: ProdWeb1-Sec
10.10.10.201:80 8 OUTOFSERVICE 0 0 0
rserver: ProdWeb2-Pri
10.10.10.102:80 8 OUTOFSERVICE 0 0 0
rserver: ProdWeb2-Sec
10.10.10.202:80 8 PROBE-FAILED 0 17 0
rserver: ProdWeb3-Pri
10.10.10.103:80 8 OUTOFSERVICE 0 0 0
rserver: ProdWeb3-Sec
10.10.10.203:80 8 OUTOFSERVICE 0 0 0
Hi donacker,
Thanks for the output.
The probe is failing with error code 403:
"Last status code : 403"
"Last disconnect err : Received invalid status code"
403 indicates that the address is forbidden. It doesn't bode well, but you'll also need to configure an expected status code as per the attached code. My example marks only the 200 OK status (range 200-200) as a successful probe.
As a test you could change the range to 200-403. The probes should then succeed and mark your server as ACTIVE. This won't solve the problem of the forbidden page, which will either be down to a non-existent page (unlikely based on what you've said) or a permission problem (quite possible based on what you've said!).
Hope this helps.
probe http ProdServerProbe
interval 30
passdetect interval 60
request method head url /index.shtml
expect status 200 200
open 1
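Added example (not part of the original thread and not Cisco's code): a small Python model of the answer above, driven by the counters and last status code from the posted show probe output. It assumes that a probe with no expected status configured accepts no code at all, and that the health state flips after the configured number of consecutive results; the state labels are the sketch's own. It shows that widening the range to 200-403 marks the server healthy while it is still answering 403.

```python
import re

# Excerpt of the "show probe ProdServerProbe detail" output posted above.
PROBE_DETAIL = """\
interval : 30 pass intvl : 60 pass count : 3
fail count: 3 recv timeout: 10
No. Probes skipped : 0 Last status code : 403
Last disconnect err : Received invalid status code
"""

def parse_probe_detail(text):
    """Pull the pass/fail counters and last HTTP status out of the output."""
    fields = {}
    for key, pattern in (
        ("pass_count", r"pass count\s*:\s*(\d+)"),
        ("fail_count", r"fail count\s*:\s*(\d+)"),
        ("last_status", r"Last status code\s*:\s*(\d+)"),
    ):
        m = re.search(pattern, text)
        if m is None:
            raise ValueError(f"field not found: {key}")
        fields[key] = int(m.group(1))
    return fields

def status_expected(code, ranges):
    """True if code is inside any inclusive (low, high) range; no ranges, no match."""
    return any(low <= code <= high for low, high in ranges)

def simulate(codes, ranges, fail_count, pass_count, state="FAILED"):
    """Assumed, simplified model: N consecutive opposite results flip the state."""
    streak = 0
    for code in codes:
        ok = status_expected(code, ranges)
        if ok == (state == "PASSED"):
            streak = 0  # result agrees with the current state: reset the streak
            continue
        streak += 1
        if streak >= (pass_count if ok else fail_count):
            state, streak = ("PASSED" if ok else "FAILED"), 0
    return state

def compare_configs(text=PROBE_DETAIL, probes=6):
    """Final health state per probe config if the server keeps returning 403."""
    f = parse_probe_detail(text)
    codes = [f["last_status"]] * probes  # constructed input: six identical replies
    configs = {"no expect status": [], "expect status 200 200": [(200, 200)],
               "expect status 200 403": [(200, 403)]}
    return {name: simulate(codes, r, f["fail_count"], f["pass_count"])
            for name, r in configs.items()}
```

Only the 200-403 range comes back as PASSED, which is why it works as a wiring test for the probe and not as a health check: the 403 itself is still there.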
ASKER
Considering the fights I've had with this unit whenever urls come into play let me verify that I have correctly written the page in the request method.
If I have www.example.com/index.shtml
do I enter
1) index.shtml
2) /index.shtml
3) www.example.com/index.shtml
4) http://www.example.com/index.shtml
can you paste an output of
"show probe ProdServerProbe detail"
and
"show serverfarm ##name##"
here?
It sounds like the probes might not be detecting the server as OPERATIONAL at all.
Rupert.